With GDPR not far away now, all organisations that hold personal information must ensure that they have systems and processes in place to demonstrate that they are compliant when the regulation becomes law in May 2018. Essentially the new regulations are designed to give all EU citizens greater control over their personal data – who has it and how it is to be used. Personal data can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more.

We have been working hard to ensure our customers have the best tool to help them comply with GDPR. You too can take advantage of these extensive features built-in to SubscriberCRM, they include:

Consent

Definable Consent Categories can be set up; each having check boxes for mailing, emailing, SMS and calling - as well as a preferred merge type. Consent given or revoked is easily recorded together with how it was given and who recorded it - building up an audit of opt-ins and opt-outs.

Communication Control

Using the above Consent Categories, communication control can be enforced to ensure only those contacts opting-in are included together with their preferred method of communication. Our Combined Merge facility ensures only those people opting-in receive a communication but also makes sure everyone who has opted-in receives a communication no matter what their preferred method of delivery is.

Individuals’ Right to be Forgotten

With our two-stage deletion and removal process contacts can be forgotten - i.e. any identifying information can be removed - so that any details held are anonymous; whilst retaining information such as payments for which there may be a legal or legitimate reason to keep it.

Any rejections to requests for removal can be recorded with the reason why, date rejected and by whom.

Object to Processing

Any objections to processing of personal data can be recorded with reason why and date requested.

Subject Access Request

A contact can request to have a report of all their details held by the organisation. A Subject Access Request report is available for a contact and can be printed out.

Data Security

It is possible to password protect Microsoft Excel exports created from within SubscriberCRM, so that if they are misplaced they cannot be freely opened without the password. All exports are recorded in the Export History - identifying who created the export, when it was created and a copy of the file; enabling affected contacts to be identified and informed if a data breach occurs.

SubscriberCRM uses Microsoft SQL Server or Microsoft Azure SQL to securely store your data, so your data is protected from unauthorised access. And, although not a requirement of GDPR, the SubscriberCRM data can also be encrypted at rest by hosting with Microsoft Azure SQL or by using Microsoft SQL Enterprise.